IT Security Lead

    • Chicago, IL

With a culture of recognition and reputation for excellence, ELS is the ideal organization in which to develop a long and successful career!

ELS is hiring for the position of IT Security Lead in Chicago, Illinois.

What you'll do:

The Director of IT Security will lead and enhance the operations for ELS by establishing and executing strategic, comprehensive enterprise information security and compliance programs, directives and plans, to ensure that the confidentiality, integrity, and availability of information is owned, controlled or processed in a manner compliant with ELS policy and relevant regulatory authorities.

Leadership, strong managerial skills, and the ability to build internal relationships with Internal Audit, Legal, Risk Management, Human Resources and other key ELS stakeholders are critical success elements of this position. Interpersonal skills are also vital to the role; strong communication and relationship skills are necessary to socialize and effectively implement and operate IT Security processes at ELS.

Your job will include:

  • Overseeing the establishment and implementation of the information security program including any and all company-wide information security training efforts for IT and enterprise wide.
  • Developing and directing risk assessment activities regarding information security.
  • Providing leadership and governance on compliance initiatives, specifically PCI DSS compliance, GDPR, CCPA and similar compliance requirements. Achieving ROC on PCI compliance and maintaining the status for ELS level.
  • Leading investigations of any actual or potential information security violations and managing escalation of security events; assisting with related legal matters associated with such events as needed and making recommendations to correct or prevent future incidents.
  • Keeping abreast of security incidents and acting as the primary control point during significant information security incidents. Providing leadership, direction and guidance in addressing and investigating security incidents that arise.
  • Establishing metrics and reporting framework to measure the efficiency, effectiveness, and maturity level of the program.
  • Providing regular reporting on current state of information security program to senior managers as appropriate.
  • Developing and maintaining information security policies, standards, and guidelines, and overseeing the dissemination of security policies and practices.
  • Devising a program that helps ensure that all data and information is properly categorized, controlled, protected and retained in accordance with its value and risk, and retained pursuant to applicable legal and regulatory requirements.
  • Providing leadership and guidance on information security topics, advising and collaborating on security processes, business continuity, and disaster recovery plans.
  • Ensuring that system and application security is appropriate; consulting with IT teams to ensure that security is factored into the evaluation, selection, installation, and configuration of hardware, applications and software.
  • Monitoring the external threat environment for emerging threats and advising relevant stakeholders on appropriate courses of action.
  • Liaising with relevant business units (such as Internal Audit, Legal, Finance, Operations, and HR teams), and external agencies as needed to ensure that ELS maintains a strong security posture.
  • Working with system administrators and application developers to audit, monitor and validate their environment's security, including conducting gap analysis and other comprehensive internal assessments of existing systems to improve the security infrastructure and mitigate risks.
  • Providing oversight to the architecture and engineering of new security systems; including the evaluation of technical designs.
  • Engineering, managing the implementation and monitoring of security measures for the protection of computer systems, networks and information.
  • Developing, implementing and administering a suite of security services and tools to address, monitor, mitigate, and report security risk.
  • Performing special projects and other duties as assigned.

Experience & skills you'll need:
  • 10+ years' experience in the Information Technology field; 7+ years' experience in dedicated technical Information Security roles; 4+ years of experience in an Information Security management role; Certified Information Systems Security Professional (CISSP) or similar credentials (CISA or CCNA) are a plus.
  • Bachelor of Science or higher degree in the field of Computer Science or IT Security.
  • Strong knowledge of common Information Security management frameworks, such as ISO/IEC 27001, COBIT, NIST, CSA, and a proven track record with legal and regulatory requirements/standards, including but not limited to: Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley (SOX).
  • Experience with complex, multi-network PCI requirements and scoping with Qualified Security Assessors and PCI DSS major principles.
  • Proven track record and experience in developing Information Security programs, policies and procedures, including successful implementations in large enterprise environments.
  • Experience with contract and vendor negotiations.
  • Experience securing web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols. High degree of initiative, dependability; experience managing multiple, simultaneous, and high-profile information security initiatives and responses.
  • Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity. Ability to advise infrastructure and applications staff in securing their respective environments.
  • Strong written and verbal communication skills.
  • Ability to convey security information to non-technical end-users in a way that inspires adoption and adherence to all IT and Board security policies and programs.
  • Experience with retail credit card online and card-present transactions and experience in the retail and/or hospitality industry preferred.

In return for your excellent skills and abilities, we offer a comprehensive benefits package including: medical, dental, and vision plans, a generous 401(k) employer match, and paid vacations, holidays, and sick time.

We invite you to visit our web site at for additional information regarding our exceptional resort communities.

As an Equal Opportunity Employer, we welcome and thank all applicants.
